Today, just over 200 days from the scheduled sunset date for key provisions in the U.S. FISA Amendments Act, or FAA, more than 30 major companies and industry organizations have joined the call for substantive reform for the law, echoing the proposals Access Now began to push for last year. We welcome the coalition’s letter and call on the U.S. Congress to act immediately to implement these reforms.
This past December, Access Now issued a new call for U.S. surveillance reform. We launched our campaign to push for reform of invasive legal authorities, particularly Section 702 of the FAA, that are used to collect the personal information and communications of people around the world, in the absence of suspicion and without regard for human rights. We charted the history, details, and legal challenges to Section 702, and set out several ways to reform the law to bring it closer in line with global standards for fundamental human rights. The reforms we proposed included:
- Prohibiting acquisition of communications from non-targets;
- Strengthening the standards for collection;
- Increasing the transparency of the FISA Court; and
- Increasing public reporting.
We explained that not only does the FAA put the U.S. out of alignment with global human rights standards, but it also threatens the free flow of data internationally. This is because Section 702 of the FAA is at the crux of the 2015 decision by the Court of Justice of the European Union (“CJEU”) to strike down the E.U.-U.S. Safe Harbor, the arrangement that provided the legal basis for companies to process the personal data of people in the E.U. in the United States. Negotiators eventually created the Privacy Shield to replace the Safe Harbor, but the new arrangement did nothing to reform the core surveillance authorities and activities in Section 702 (and it also failed to adequately protect user data). As we have pointed out before, if Section 702 is not reformed, the Privacy Shield should, and likely will, suffer the same fate as the Safe Harbor agreement.
Our recommendations for reforming Section 702 don’t fix all of the ways that the law interferes with human rights. As we explained, “[u]ltimately, the only real way to ‘fix’ it would be to allow it to sunset. However, the simple truth is that the U.S. Congress is not likely do that.” Consequently, we identified key reforms to remedy some of the major problems with the law, while also providing the necessary transparency regarding continued use of its authorities to allow the reform discussion to continue in anticipation of a future sunset date.
When we first published our recommendations, many people thought we were pushing for changes that we would never see. But today we’ve seen progress. Last month, the U.S. National Security Agency halted its practice of “about” collection — that is, the practice of collecting information not only to or from surveillance targets, but also “about” those targets (meaning the NSA collects the communications of people who are not relevant to an investigation). This was one of our core asks, and the NSA ceasing this practice is a major victory for the human rights of people around the world. We have called on the U.S. Congress to codify these changes immediately.
Today’s letter from major companies echoes that call, as well as supporting other changes we are asking for. We welcome this development. In the effort to reform surveillance, we are all stronger when we work with allies.
But what about the Privacy Shield? This agreement still urgently needs substantial reform to bring its data protection elements in line with E.U. law and ensure the proper level of protection for personal data. However, we believe that, if codified, these Section 702 reforms — substantive changes accompanied by increased transparency and oversight and a new sunset date — would represent a significant first step in the reform process required to drive the Privacy Shield arrangement through its upcoming review by the European Commission, which will be conducted in consultation with data protection authorities and civil society.
We urge the Commission to push immediately for stronger data protection provisions, including changes to the arrangement’s permissive self-certification provisions. In the long term, the Commission should also require top U.S. officials at intelligence agencies to commit to continued meaningful engagement on the topic of reform, not only of Section 702 but also Executive Order 12333, and evince that the arrangement may still be struck down without further reforms to protect human rights. Only with additional changes for data protection, along with further commitments to review surveillance, does the arrangement have any chance at withstanding the current challenges to Privacy Shield already before the CJEU.
We call on the U.S. Congress to heed this call for reform and act now to move the U.S. forward, toward the necessary protections for our fundamental human rights. With these changes, the U.S. can set an example that should be followed by other countries, including many in the European Union, by reforming, not expanding, rights-harming surveillance powers. We’ll keep on fighting on the front lines for these changes, and we welcome our new partners in this critically important effort.